Re: [squid-users] SSL Acceleration

From: Robert Collins <robert.collins@dont-contact.us>
Date: Fri, 16 Mar 2001 09:28:02 +1100

----- Original Message -----
From: "HUNT_STEVE" <HUNT_STEVE@smc.edu>
To: "'Kieran Skinner'" <kieran.skinner@xal.co.uk>; <squid-users@ircache.net>
Sent: Friday, March 16, 2001 4:15 AM
Subject: RE: [squid-users] SSL Acceleration

>
> I would like to do that too, but it is my understanding that it can't be
> done in Squid (someone tell me that I'm wrong!)

You're wrong. There is an SSL acceleration branch on
squid.sourceforge.net

>
> In your case could you run SSL on the Internal Target Sites too? I think
> Squid can do that.

Yes, but then you lose the benefits of a caching front end & increase
internal server CPU usage.

>
> Or require that your users have IE and a Microsoft OS then you can use NTLM
> authentication, which is (more) secure.

Cough, Cough. More secure than what? string and needles? (SSL & basic
auth) is pretty secure. NTLM has so many password sniffing & cracking
tools out there I don't even want to think about using it on the net.
Combined with no defence against MITM attacks, MD4 not MD5 hashes for the
response...

Digest (RFC 2617) Authentication is also more secure than NTLM-based HTTP
authentication because each request is authenticated, not each
connection (prevents connection hijacking beyond a single request).

>
> What I wanted to do is let outside users authenticate to Squid then relay
> traffic through our IP address space to 3rd party websites that require
> IP-authentication. I think I am out of luck so far as SSL.

Have you tried the Squid SSL accelerator branch?

Rob
Received on Thu Mar 15 2001 - 15:28:37 MST
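
Added example, not part of the original message and not Squid's code: a sketch of the RFC 2617 Digest computation (qop=auth) with a server-side verifier, showing how the per-request response is bound to the method, URI and nonce count. The `DigestVerifier` class, the `/admin` path and the helper names are hypothetical; the credentials and nonce are the sample values from RFC 2617 section 3.5, and nonce issuance and expiry are left out.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # binds the response to this method and URI
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestVerifier:
    """Hypothetical server-side check, run on every request."""
    def __init__(self, realm, users):
        self.realm, self.users = realm, users
        self.last_nc = {}  # nonce -> highest nonce count accepted so far

    def verify(self, method, uri, auth):
        password = self.users.get(auth["username"])
        if password is None or auth["uri"] != uri:
            return False
        nc = int(auth["nc"], 16)
        if nc <= self.last_nc.get(auth["nonce"], 0):
            return False  # nonce count already used: replay
        expected = digest_response(auth["username"], self.realm, password, method,
                                   uri, auth["nonce"], auth["nc"], auth["cnonce"])
        if not hmac.compare_digest(expected, auth["response"]):
            return False
        self.last_nc[auth["nonce"]] = nc
        return True

# Sample values from the worked example in RFC 2617 section 3.5.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE, CNONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b"

def make_auth(method, uri, nc):
    resp = digest_response(USER, REALM, PASSWORD, method, uri, NONCE, nc, CNONCE)
    return {"username": USER, "uri": uri, "nonce": NONCE, "nc": nc,
            "cnonce": CNONCE, "response": resp}

def demo():
    server = DigestVerifier(REALM, {USER: PASSWORD})
    first = make_auth("GET", "/dir/index.html", "00000001")
    reused = dict(first, uri="/admin", nc="00000002")  # old response, new URI (constructed)
    return [server.verify("GET", "/dir/index.html", first),  # genuine request
            server.verify("GET", "/dir/index.html", first),  # replay of it
            server.verify("GET", "/admin", reused),          # request without the password
            server.verify("GET", "/admin", make_auth("GET", "/admin", "00000002"))]
```

Calling `demo()` returns the verifier's decision for the four requests in order.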

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:39 MST